Disarm appears to change file names or file types of attachments

book

Article ID: 224307

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

End users report the file names or content types have been changed by the Messaging Gateway (SMG) Disarm feature such that they have different file names or appear as different file types after Disarm reconstruction.

Cause

The SMG Disarm feature does not change the file type of the attachment but if a message has attachments with different content types than is reported in the attachment metadata, then Disarm will update the attachment metadata to match the attachment's true file type. This does not affect the attachment name but may affect how the end user mail client displays the attachment or its file name.

This may be the result of the sending mail client naively setting the Content-Type metadata based on file extension rather than file content.

Example: A message with an attachment reported as attachment/pkcs7-mime in the attachment metadata but which actually includes attachment/pdf content will have the Content-Type metadata in the message modified to show attachment/pdf rather than the original attachment/pkcs7-mime.

Original Message

--0000000000009babba05cb05b84d
Content-Type: application/pkcs7-mime;
      name="file.pdf.p7m"
Content-Disposition: attachment;
      filename="file.pdf.p7m"
Content-Transfer-Encoding: base64

After Disarm

--0000000000009babba05cb05b84d
Content-Type: application/pdf;
      name="file.pdf.p7m"
Content-Disposition: attachment;
      filename="file.pdf.p7m"
Content-Transfer-Encoding: base64

Environment

Release : 10.7.4

Component : Disarm

Resolution

This behavior is under investigation by SMG product engineering to confirm that this is expected and desired behavior for the Disarm feature. 

It is unlikely that this behavior will be changed as SMG Disarm is correcting what may, in some cases, be a malicious attempt to bypass attachment scanning.